To ensure all requests and responses between Primavera Gateway and P6 Web Services are encrypted, you need a keystore file for encryption. There are several methods for generating a keystore file.
You can use the following sequence to generate and use the same keystore file on all servers:
- Create a Keystore file as follows:
- Create a folder, for example, C:/keystore.
- Use the Java keytool -genkey command to create a keystore containing the private key:
From the command line, execute:
keytool -genkey -alias <alias_name> -keyalg RSA -sigalg SHA1withRSA -keypass <keyPassword> -storepass <storePassword> -keystore <keystore file location>
Where:
<alias_name> is the key alias
<keyPassword> is the password of the private key
<storePassword> is the password of the keystore
For example:
keytool -genkey -alias myAlias -keyalg RSA -sigalg SHA1withRSA -keypass myPassword -storepass myPassword -keystore c:\keystore\keystore.jks
- Enter information for each of the following questions:
- What is your first and last name?
Enter the Gateway host name.
- What is the name of your organization?
- What is the name of your city or locality?
- What is the name of your state or province?
- What is the two-letter country code for this unit? For example, US.
- Is CN=<Gateway host name>, OU=<organization unit name>, O=<organization name>, L=<location>, ST=<state code>, C=<country code> correct? Enter Y or N.
Note: If P6 Web Services is deployed on a machine other than the Gateway machine, copy the keystore folder with keystore.jks to the P6 Web Services machine.
- In the Gateway user interface, select the Configuration tab and enter deployment information for P6. For more details, see Adding or Editing a P6 Deployment Connection.
- In the P6 EPPM administration application:
- Enter the keystore information that was entered in the keystore file. The values must be identical.
- Modify the message protection node setting as follows:
- Set the Require Timestamp value as True.
- Set the Require Digital Signature for Incoming Messages value as True.
- Set the Require Encryption for Incoming Messages value as True.
- In the KeyStore Type field, enter JKS.
- In the File Location field, enter the location of the .jks file. For example, c:\keystore\keystore.jks
- In the KeyStore Password field, enter the password for the keystore file provided in the keytool command.
- In the Private Key Alias field, enter the alias name provided in the keytool command.
- In the Private Key Password field, enter the private key password for the keystore file provided in the keytool command.
- If encryption is on in Primavera Gateway, NONCE and CREATED are included in the header for UserName Token authentication. To enable this:
- Set the NONCE value as True.
- Set the CREATED value as True.
- After encryption is set, restart P6 Web Services.
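The keystore values entered in P6 must be identical to those in the keystore file, so it helps to check them before restarting. The following is an added example, not part of the original procedure: it parses the output of `keytool -list -v` and reports mismatches in keystore type, alias, entry type and certificate CN. The function names, host name and sample listing are constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -v -keystore c:\keystore\keystore.jks`
# output (dates and fingerprints omitted); not taken from a real system.
SAMPLE_LISTING = """\
Keystore type: JKS

Your keystore contains 1 entry

Alias name: myalias
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=gateway.example.com, OU=PMO, O=Example Corp, L=Austin, ST=TX, C=US
Issuer: CN=gateway.example.com, OU=PMO, O=Example Corp, L=Austin, ST=TX, C=US
Signature algorithm name: SHA1withRSA
"""

def parse_listing(text):
    """Return (keystore_type, {alias: {field: value}}) from keytool -list -v output."""
    store_type, entries, current = None, {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue  # blank lines, "Certificate[1]:" and free text carry no value
        if key == "Keystore type":
            store_type = value
        elif key == "Alias name":
            current = entries.setdefault(value.lower(), {})
        elif current is not None and key not in current:
            current[key] = value  # keep the first (leaf) certificate's fields
    return store_type, entries

def check_keystore(text, alias, gateway_host):
    """List mismatches between the keystore and the values entered in P6."""
    store_type, entries = parse_listing(text)
    problems = []
    if store_type is None or store_type.upper() != "JKS":
        problems.append(f"KeyStore Type is {store_type}, expected JKS")
    entry = entries.get(alias.lower())  # JKS stores aliases lowercased (myAlias -> myalias)
    if entry is None:
        return problems + [f"alias {alias!r} not found; keystore has {sorted(entries)}"]
    if entry.get("Entry type") != "PrivateKeyEntry":
        problems.append(f"alias {alias!r} is {entry.get('Entry type')}, not a private key")
    cn = re.search(r"CN=([^,]+)", entry.get("Owner", ""))
    if not cn or cn.group(1).strip().lower() != gateway_host.lower():
        problems.append(f"certificate CN is {cn.group(1) if cn else None}, expected {gateway_host}")
    return problems
```

Run it against the listing from both the Gateway machine and the P6 Web Services machine; an empty result on each means the copied keystore.jks carries the alias and host name that were entered in P6.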